A former IT security analyst at Oxford Biomedica recently confessed to an astonishing act that took place five years ago. In an unexpected twist, the analyst hijacked a cyber attack targeting his own company, with the intention of diverting ransom payments for personal gain. The revelation came to light during an investigation conducted by the South East Regional Organised Crime Unit (SEROCU), leading to a guilty plea from Ashley Liles, the former security analyst.
The Unveiling of a Sinister Scheme
On February 27, 2018, Oxford Biomedica, a renowned gene and cell therapy company based in Oxford, encountered a “security incident” involving unauthorized access to their computer systems. The perpetrators promptly informed company executives, demanding a ransom of £300,000 in Bitcoin. Ashley Liles, assigned to the task of investigating the attack, alongside colleagues and the police, soon found himself at the center of SEROCU’s inquiry.
A Hidden Agenda Revealed
During the course of the investigation, it became evident that Liles, now 28 years old, had surreptitiously integrated himself into the criminal act, hoping to redirect the ransom payments for personal gain. Liles, acting as the security analyst for Oxford Biomedica, exploited his position to access a board member’s emails on more than 300 occasions. By modifying the original blackmail email and altering the payment details provided by the initial attacker, Liles exerted pressure on the company to comply with the ransom demand.
Foiled Plans and Unraveling Secrets
Despite the company’s decision not to succumb to the ransom demand, Liles’s intrusive email activities did not escape notice. It was determined that the unauthorized access originated from Liles’s residence. Subsequently, specialized SEROCU officers apprehended Liles and conducted a search of his property. Seized items included a computer, laptop, phone, and USB stick. Although Liles had attempted to wipe his devices prior to his arrest, the data was successfully recovered.
The Truth Comes to Light
Throughout the investigation, Liles vehemently denied any involvement, despite mounting evidence against him. However, during his court appearance last week, he finally capitulated and admitted his guilt. Liles is scheduled for sentencing at Reading Crown Court on July 11.
The case of Ashley Liles serves as a stark reminder to those in the information security industry who may be tempted to cross ethical boundaries. This incident showcases the proficiency of cybercrime investigators and highlights the fact that attempting to conceal one’s tracks often proves futile. As Detective Inspector Rob Bryant from the SEROCU Cyber Crime Unit expressed his gratitude to Oxford Biomedica for their cooperation, it sends a clear message that cybercriminals will be pursued relentlessly to ensure justice is served.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.